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Office Action Summary 


Application No. 

09/357,726 


Examiner 

Aravind K Moorthy 


Applicant(s) 

WOOD ET AL 


Art Unit 

2131 


- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)^ Responsive to communication(s) filed on 12 March 2001 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 11, 453 O.G. 21 3. 
Disposition of Claims 

4) K Claim(s) 1-35 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1-35 is/are rejected. 

7) S Claim(s) 26 and 29 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) S The specification is objected to by the Examiner. 

10)E3 The drawing(s) filed on 21 July 1999 is/are: a)D accepted or b)|3 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
11 )□ The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a>n All b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 


3,D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment! s) 


1) |2Sl Notice of References Cited (PTO-892) 

2) ^ Notice of Drafts person's Patent Drawing Review (PTO-948) 

3) Information Disclosure Statement(s) (PTO-1449) Paper No(s) 3. 5. 6 . 


4) O Interview Summary (PTO-41 3) Paper No(s). 

5) CD Notice of Informal Patent Application (PTO-1 52) 

6) D Other: 


U.S. Patent and Trademark Office 

PTO-326 (Rev. 04-01) 
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Part of Paper No. 7 
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DETAILED ACTION 


Specification 


1 . Applicant is reminded of the proper language and format for an abstract of the disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 
150 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist 
readers in deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," 
"The disclosure defined by this invention," "The disclosure describes," etc. 

The abstract exceeds the 150-word limit. 


3. Claims 26 and 29 are objected to under 37 CFR 1.75(c), as being of improper 
dependent form for failing to further limit the subject matter of a previous claim. 
Applicant is required to cancel the claim(s), or amend the claim(s) to place the claim(s) in 
proper dependent form, or rewrite the claim(s) in independent form. 

Claim 24 claims an information resource, by only claiming an information resource in 
claim 26 it does not further limit the independent claim. Claim 27 claims a security barrier, by 
only claiming a security barrier in claim 29 it does not further limit the independent claim. 


Drawings 


2. 


The drawings are objected to as stated in form PTO-948. 


Claim Objections 
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Claim Rejections - 35 USC §103 


The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 1, 2, 6, 10, 13, 15, 16 and 24-29 are rejected under 35 U.S.C 103(a) as being 
unpatentable over Shwed et al U.S. Patent No. 5,835,726 in view of Chen et al U.S. Patent 
No. 5,602,918. 

As to claims 1, 24 and 27-29, Shwed discloses validating a request message against a 
predefined request message specification. Shwed discloses transmitting the validated request 
message. Shwed discloses validating a response message against a predefined response message 
specification. Shwed discloses that the response message corresponds to the validated request. 
Shwed discloses transmitting the validated response [column 6, lines 3-38]. 

Shwed does not teach a security barrier. 

Chen teaches a system and method for establishing secured communications pathways 
across an open unsecured network, without compromising the security of any parties to the 
communication that involves establishing secured gateways or firewalls between the Internet and 
any party which desires protection, see abstract. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have the firewall replace router 108. After the packet filter in gateway 
122 validated the request message against the predefined specification then it would have passed 
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the request across the firewall. The response message would have been validated by the packet 
filter in gateway 106 and passed across the firewall. 

The motivation to modify Shwed by the teaching of Chen is because firewalls provide a 
safe passage between the secured network and the party on the public network [column 2 lines 
15-21]. 

As to claim 2, Shwed teaches wherein the request and response message specifications 
are predefined in accordance with valid request and response message constraints specific to an 
information resource 212 [Shwed column 6, lines 28-38]. 

As to claim 6, Shwed teaches accessing an information resource in accordance with the 
validated request message and preparing the response message in accordance with the access 
[column 7 lines 7-11]. 

As to claim 10, Shwed teaches the request and the response message validating are 
respectively performed at first 122 and second 106 secure data brokers on opposing sides of the 
security barrier; and wherein the validated request and response message transmissions are 
between the first and second secure data brokers [Shwed column 6, lines 3-38]. 

As to claim 13, Shwed teaches at least one of the validated request message transmitting 
and the validated response message transmitting is via a secure protocol [column 12 lines 66 to 
column 13 line 5]. 

As to claim 15, Shwed as modified by Chen teaches the security barrier includes a 
firewall [Chen figure 1]. 

As to claim 16, Chen teaches that the security barrier includes a secure communication 
channel between servers [column 2, lines 4-14]. 
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As to claim 25, Shwed teaches a second data broker [i.e. gateway 106] on the second side 
of the security barrier, wherein, in response to an access targeting the information resource, the 
second data broker validates a response message against a predefined response message 
specification and forwards only validated response messages across the security barrier [column 
6, lines 3-38]. 

As to claim 26, Shwed teaches an information resource [column 7, lines 7-11]. 

5. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Shwed et al 
U.S. Patent No. 5,835,726 and Chen et al U.S. Patent No. 5,602,918 as applied to claim 1 
above, and further in view of Applied Cryptography (hereinafter Schneier). 

As to claim 3, Birrell does not teach that at least one of the request and response message 
specifications is cryptographically secured. 

Schneier teaches the use and benefits of encryption, page 2. 

It would have been obvious to a person having ordinary skill in the art at the time 
invention was made to have had packet filter instructions cryptographically secured. 

It would have been obvious to modify Birrell by the teaching of Schneier because 
cryptography offers authentication, integrity and nonrepudiation, page 2. 

6. Claims 4, 5, 7-9, 14 and 17-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Shwed et al U.S. Patent No. 5,835,726 and Chen et al U.S. Patent No. 
5,602,918 as applied to claim 1 above, and further in view of Bobo, II U.S. Patent No. 
5,870,549. 

As to claims 4, 5, 7-9, 14, 17, 20 and 22, the Shwed-Chen combination teaches receiving, 
at an application proxy 122, an access request targeting an information resource, as discussed 
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above. The Shwed-Chen combination teaches transmitting the request message to a secure data 
broker for the request message validating [column 7, lines 61-65]. 

The Shwed-Chen combination does not teach formatting the request message in a 
structured language corresponding to the request message specification. 

Bobo teaches the translation of messages into XML format [column 21, lines 37-42]. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have gateway 122 as taught by Shwed to format the outgoing packets to 
the XML structured language. 

It would have been obvious to have modified the Shwed-Chen combination by the 
teaching of Bobo because XML is easier to write applications for, easier to understand, and more 
suited to delivery and inter-operability over the Web [column 21 lines 33-37]. 

As to claim 18, the Shwed-Chen combination teaches accessing the information resource 
in accordance with the validated access request [Shwed column 7 lines 7-10] 

As to claim 19, the Shwed-Chen combination teaches receiving, at an application proxy 
[i.e. gateway], an access request targeting the information resource and performing the access 
request formatting at the application proxy [i.e. gateway] [column 6, lines 3-38]. 

As to claims 21 and 23, the Shwed-Chen combination teaches accessing the information 
resource in accordance with the validated access request from a client and supplying the client 
with a response in accordance with the validated response [column 9 lines 17-50]. 
7. Claims 11 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Shwed et al U.S. Patent No. 5,835,726 and Chen et al U.S. Patent No. 5,602,918 as applied 
to claim 1 above, and further in view of Ottensooser U.S. Patent No. 5,905,856. 
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As to claims 1 1 and 12, the Shwed-Chen combination teaches rejecting packets if it is not 
defined by the rules [Shwed column 8, lines 28-33]. The Shwed-Chen teaches forwarding a 
response message without transmission of the request message across the security barrier [Shwed 
column 9, lines 24-27]. 

The Shwed-Chen combination does not teach parsing the request message using Data 
Type Definitions (DTDs) encoding a hierarchy of valid tag-value pairs in accordance with syntax 
of a valid request message. 

Ottensooser teaches parsing the request message using Data Type Definitions (DTDs) 
encoding a hierarchy of valid tag-value pairs in accordance with syntax of a valid request 
message [column 7, lines 58-64; column 10 line 66 to column 1 1 line 30]. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified the Shwed-Chen combination so that gateway of Shwed 
would have parsed the request message using data type definitions, encoding a hierarch of valid- 
tag pairs in accordance with the syntax of a valid request message. If the request message were 
not successfully parsed, an alert message would have been forwarded across the firewall. 

The motivation to have modified the Shwed-Chen combination is that the structure 
permits the use of a simple language that allows the user to write a set of tests that closely 
match the business activities under scrutiny. The language is sufficiently high level so that the 
user does not have to be involved in the highly technical "behind the scenes" type work that 
actually tells the computer application what to do. Other products on the market are not as 
advanced and rely on the skills of computer programmers to write test plans rather than business 
users [column 13, lines 47-58]. 
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8. Claims 30, 31-33 and 35 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Clark et al U.S. Patent No. 5,710,889 in view of Chen et al U.S. Patent No. 5,602,918. 

As to claims 30 and 32, Clark discloses data broker code and parser code executable on a 
first network server. Clark discloses an information source [repository 11]. Clark discloses that 
the data broker code includes instructions executable as a first instance thereof to receive access 
requests in a structured language corresponding to a predefined request message specification 
and to forward validated ones of the access requests toward the information resource. Clark 
discloses the parser code includes instructions executable as a first instance thereof to validate 
the received access request against the predefined request message specifications [column 5 line 
63 to column 6 line 29; column 10 lines 53-61]. 

Clark does not teach a security barrier separating the first network server and the 
information resource. 

Chen teaches a system and method for establishing secured communications pathways 
across an open unsecured network, without compromising the security of any parties to the 
communication that involves establishing secured gateways or firewalls between the Internet and 
any party which desires protection, see abstract. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have a firewall between the first network server and the information 
source. Only the validated access requests would cross the firewall toward the information 
resource. 
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The motivation to modify Clark by the teaching of Chen is because a firewall provides a 
safe passage between the secured network and the party on the public network [column 2 lines 


As to claim 31, Clark discloses an encoding of the predefined request message 
specification [column 7 lines 53-63]. 

As to claim 33, Clark discloses an encoding of the predefined response message 
specification [column 8 lines 31-35], 

As to claim 35, Clark discloses the computer program code is transmitted in at least one 
computer readable medium from an electronic storage medium and on a network [column 5 lines 
30-48]. 

9. Claim 34 is rejected under 35 U.S.C. 103(a) as being unpatentable over Clark et al 
U.S. Patent No. 5,710,889 and Chen et al U.S. Patent No. 5,602,918 as applied to claim30 
above, and further in view of Bobo, II U.S. Patent No. 5,870,549. 

The Clark-Chen combination does not teach that the application proxy code includes 
instructions executable to format the access requests in accordance with the structured language 
corresponding to the predefined request message specification. 

Bobo teaches instructions executable to format the access requests in accordance with the 
structured language corresponding to the predefined request message specification. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have the application proxy code have instructions to format the access 
requests in accordance with the structured language corresponding to the predefined request 
message specification [column 21, lines 37-42]. 


15-21]. 
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It would have been obvious to have modified the Clark-Chen combination by the 
teaching of Bobo because XML is easier to write applications for, easier to understand, and more 
suited to delivery and inter-operability over the Web [column 21 lines 33-37]. 


10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 703-305-1373. 


If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gail O Hayes can be reached on 703-305-9711. The fax phone numbers for the 
organization where this application or proceeding is assigned are 703-746-7239 for regular 
communications and 703-746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-1373. 

April 16, 2003 


Conclusion 


The examiner can normally be reached on Monday-Friday, 8:00-5:30. 


GAIL HAYES uv 
SUPERVISORY PATENT EXAMINER 

TECHNOLOGY CENTER 2100 



